Currently, one technique for protecting a computer from malware is to control the paths that software applications use to access computer resources. The path may be local (e.g., calls to local directories and folders), registry (e.g., calls to the registry of the operating system), network (e.g., access to other computers or resources on the Internet) and the like. Also, the syntax of the paths may vary depending on the type of operating system and the type of file system.
Antivirus applications, for example, can analyze the paths that a program uses to access computer resources, and determine the risks regarding certain actions of the program. However, the analysis is usually a time-consuming task since any analysis methods require calculations using limited hardware resources. To that end, it is possible to define a list of authorized (or unauthorized) paths, and, when a program attempts to access a particular path, the antivirus program can check these lists to determine whether program's action is allowed or prohibited.
Since the paths generally comprise strings of characters, the number of allowed paths can be quite large, and a program can access hundreds or even thousands of paths. Accordingly, the search performed by the antivirus program can be performed for a long time where CPU time spent on searching may exceed the time required to process the request of a computer resource associated with the path. To accelerate the search of a path, it may be more advantageous not to use a set of strings, but other data structures such as trees or tree data structures. However, existing systems and methods for searching paths using tree structures do not effectively solve the task of searching for different paths using a tree. Therefore, there is a need to improve the mechanism for searching paths using tree structures.